cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
183
Views
0
Helpful
4
Replies
Highlighted
Beginner

Problem with VPN Spokes routing

Hello,

please help me figure it out.

In Hub - Site A there is Draytek 3900 (10.1.0.0/16) it have Ipsec VPN to:

-VPN Site B - 192.168.2.0/24 (cisco 1841)

VPN Site C -  192.168.5.0/24 (cisco 1841)

Now I have connection from A to B and A to C without problem, but I want that site B could reach C through A.

Because not all devices are draytek so I couldn't use "more subnet" setting in Ipsec profile,

so I have created additional Ipsec profiles for any subnet so:

Hub A have Ipsec profiles:

(10.1.0.0 - 192.168.2.0),

(10.1.0.0 - 192.168.5.0)

(192.168.5.0 - 192.168.2.0)

(192.168.2.0 - 192.168.5.0)

Site B have profiles:

(192.168.2.0 - 10.1.0.0)

(192.168.2.0 -192.168.5.0)

Site C have:

(192.168.5.0 - 10.1.0.0)

(192.168.5.0 - 192.168.2.0)

every Ipsec profiles are UP, on Cisco too but i Can't still reach C from B and vice-versa

could anyone help me?

4 REPLIES 4
Highlighted
Participant

Hello, .

Can you show output of the command "show crypto ipsec sa" from each Cisco device after sending some traffic from C to B (or from B to C)?

Highlighted

Hi Zuk,

Normally it should work with all cisco devices/or all Draytek Devices.

Not pretty sure with compatibility in different vendor environment.

Try to debug isakmp on Draytek Router, as well as on cisco devices while sending traffic from B to C.

 

HTH

 

Highlighted

Problem Solved!

On Cisco routers I didn't excluded these new networks from NAT,

so they weren't encrypted but forwarded throught default route to internet.

 

 

thanks for all.

 

Highlighted

Great!! Happy to hear that